diff --git a/2024/37xxx/CVE-2024-37564.json b/2024/37xxx/CVE-2024-37564.json index 711a45820c5..94496f832f0 100644 --- a/2024/37xxx/CVE-2024-37564.json +++ b/2024/37xxx/CVE-2024-37564.json @@ -40,9 +40,24 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "7.0.7" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "7.0.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "7.0.7", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } } ] } @@ -68,6 +83,19 @@ "source": { "discovery": "EXTERNAL" }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 7.0.8 or a higher version." + } + ], + "value": "Update to\u00a07.0.8 or a higher version." + } + ], "credits": [ { "lang": "en", diff --git a/2024/41xxx/CVE-2024-41684.json b/2024/41xxx/CVE-2024-41684.json new file mode 100644 index 00000000000..b074bbc9ada --- /dev/null +++ b/2024/41xxx/CVE-2024-41684.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-41684", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/41xxx/CVE-2024-41685.json b/2024/41xxx/CVE-2024-41685.json new file mode 100644 index 00000000000..703a2418555 --- /dev/null +++ b/2024/41xxx/CVE-2024-41685.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-41685", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/41xxx/CVE-2024-41686.json b/2024/41xxx/CVE-2024-41686.json new file mode 100644 index 00000000000..5991536b8e2 --- /dev/null +++ b/2024/41xxx/CVE-2024-41686.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-41686", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/41xxx/CVE-2024-41687.json b/2024/41xxx/CVE-2024-41687.json new file mode 100644 index 00000000000..46e64620aee --- /dev/null +++ b/2024/41xxx/CVE-2024-41687.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-41687", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/41xxx/CVE-2024-41688.json b/2024/41xxx/CVE-2024-41688.json new file mode 100644 index 00000000000..4441e858eab --- /dev/null +++ b/2024/41xxx/CVE-2024-41688.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-41688", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/41xxx/CVE-2024-41689.json b/2024/41xxx/CVE-2024-41689.json new file mode 100644 index 00000000000..b03e8010d89 --- /dev/null +++ b/2024/41xxx/CVE-2024-41689.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-41689", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/41xxx/CVE-2024-41690.json b/2024/41xxx/CVE-2024-41690.json new file mode 100644 index 00000000000..f1e96f5a7cc --- /dev/null +++ b/2024/41xxx/CVE-2024-41690.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-41690", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/41xxx/CVE-2024-41691.json b/2024/41xxx/CVE-2024-41691.json new file mode 100644 index 00000000000..0048e82b43b --- /dev/null +++ b/2024/41xxx/CVE-2024-41691.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-41691", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/41xxx/CVE-2024-41692.json b/2024/41xxx/CVE-2024-41692.json new file mode 100644 index 00000000000..b20ef4678ca --- /dev/null +++ b/2024/41xxx/CVE-2024-41692.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-41692", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5977.json b/2024/5xxx/CVE-2024-5977.json index a88ce2422c0..e3d6fe4d621 100644 --- a/2024/5xxx/CVE-2024-5977.json +++ b/2024/5xxx/CVE-2024-5977.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5977", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with GiveWP Worker-level access and above, to delete and update arbitrary posts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "webdevmattcrom", + "product": { + "product_data": [ + { + "product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2dca6c29-9f05-4d82-90e3-834f1dd8005a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2dca6c29-9f05-4d82-90e3-834f1dd8005a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/give/trunk/src/DonationForms/V2/Endpoints/FormActions.php#L96", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/give/trunk/src/DonationForms/V2/Endpoints/FormActions.php#L96" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3120745/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3120745/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Thanh Nam Tran" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/6xxx/CVE-2024-6917.json b/2024/6xxx/CVE-2024-6917.json new file mode 100644 index 00000000000..d46d2483750 --- /dev/null +++ b/2024/6xxx/CVE-2024-6917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file